My name is Dr Joel Sheridan and I am a Clinical Psychologist working in private practice as well as in the NHS . In my private practice capacity, I gather and store confidential information about my clients in my day to day work. The processing and storage of client information is necessary for the intended purpose of carrying out psychological assessments, planning treatment interventions and managing the business side of running a practice. The legal basis for processing client data therefore falls under “Legitimate Interests”.
The data I obtain is partly demographic information (address, date of birth etc.) and partly session notes that are written up after each appointment. I largely operate a paperless office and so I shred materials once I have finished work with a client. Data is simply retained electronically thereafter.
Data Retention Periods
Electronic client notes are retained for a period of 7 years before they are permanently deleted. The period of 7 years is set in accord with professional insurance policies such as Balens Professional Insurance policies that recommends that records be kept for at least 7 years. At the end of the 7 year period, the information will be reviewed and deleted unless there is some particular reason for keeping it. If the unlikely event I were to decide against deleting it at that point, I would record my reasons for doing so and would contact the individual to let them know why.
After the 7 year period, and after patient files are permanently deleted, the only data retained will be the basics: name of patient, number of sessions, outcome, and discharge date.
Receiving a request for the client notes
I have not yet been in the position where I have been asked to provide client notes by a solicitor or by the Police. However, it is possible that this could occur. After receiving such a request I would endeavour to first let the client know and attempt to gain their consent before sharing.
Requesting access to data
You are able to request copies of all the data I hold on you via a “subject access request”. The timescale for responding to such a request is 30 calendar days, except for exceptional circumstances.
Who I may share data with
If you have been referred by a psychiatrist or other medical professional then details of your treatment may be shared with them, unless you have specified you do not wish this to happen.
Information about your treatment and information that you share with me is confidential. The only case where confidentiality may be breached is in the event that you gave me cause for concern e.g. if it appeared that you posed a significant risk of harm to yourself or to someone else. This is very rare in my experience . However, patients need to be clear about this from the outset.
Client data protection rights
Please note that you have data protection rights (GDPR implementation date :25 May 2018). These are outlined thoroughly in the Guide to the General Data Protection Regulation on the www.Ico.org.uk website. These relate to the way that information about people is stored and accessed amongst other things.
If you have any concerns about the privacy of your data, or you feel that there has been a breach in the way that I am handling your data, please do not hesitate to speak to me about this. I will do my best to address your concerns. Please be aware that should you feel that your concerns have not been adequately addressed by me you have the right to complain to the ICO (Information Commissioner’s Office).
What and where I store data
Basic contact details:
Client name, tel. no. and email address with a single "C" to denote them as a client of mine are saved to my iPhone contacts and backed up by iCloud. There is nothing saved in contacts to denote that clients are seeing me for psychological therapy.
Clinical note taking, client details sheet, appointments and questionnaires are stored on WriteUpp, a well-known clinical note-taking software service. WriteUpp is trusted by over 13,000 clinicians worldwide. It uses encryption to ensure the best possible security https://www.writeupp.com/security
I use a secure email system called Private Email https://privateemail.com. The has strong security features. However, email systems can never be relied upon as 100% secure so bear this in mind in terms of what you include in correspondence. You may wish to registered for a more secure method such as Egress Switch if sharing private information over email.
I use WriteUpp to automatically send an SMS reminder to clients the day before their sessions. If you do not wish to be sent reminders then please drop me an email saying you wish to "opt out" of this service. I will then update this on your record. Should this reminder system not work in a given week (for whatever reason), you would still be expected to remember the appointment times we have agreed over email. So please regard these SMS reminders as a bonus, rather than relying upon them.
I use award winning bookkeeping software called FreeAgent, which is trusted by Natwest and other major banks.
Client records for patients seen prior to Dec 2021:
Dr. Joel Sheridan, Clinical Psychologist